SAP Ariba and SAP Business Network Cloud Computing Compliance Criteria Catalog (C5:2020) Audit Report 2024 H1
SAP Ariba and SAP Business Network, an SAP Company is a leading provider of on-demand spend management solutions. SAP Ariba’s mission is to transform the way companies of all sizes, across all industries, and geographies operate by delivering technology, service, and network solutions that enable them to holistically source, contract, procure, pay, manage and analyze their spend and supplier relationships. Delivered on demand, SAP Ariba ’s enterprise-class offerings empower companies to achieve greater control of their spend and drive continuous improvements in financial and supply-chain performance. Thousands of companies use SAP Ariba solutions to manage their spend from sourcing and orders through invoicing and payment.
The scope of this report covers the following data center locations:
| DC Locations | DC Providers |
Council Bluffs, Iowa | Google Cloud Platform |
Sydney, Australia | Google Cloud Platform |
Frankfurt, Germany | Google Cloud Platform |
Tokyo, Japan | Google Cloud Platform |
Shanghai, China | SAP Cloud Infrastructure |
Riyadh, Kingdom of Saudi Arabia | SAP Cloud Infrastructure |
Dubai, United Arab Emirates | SAP Cloud Infrastructure |
Cloud Computing Compliance Controls Catalogue (C5) reports are prepared in accordance with attestation standards established by the American Institute of Certified Public Accountants (“AICPA”) and in accordance with the International Standard on Assurance Engagements (“ISAE”) 3000 Revised, Assurance Engamenets Other than Audits or Reviews of Historical Financial Information, issued by the International Auditing and Assurance Board (IAASB). C5 outlines minimum security for cloud computing, aimed at cloud providers, auditors, and clients. Introduced in 2016, it helps customers choose a secure cloud provider and tailor a risk management system. C5 assures cloud services security by providing transparency via a standardized examination and reporting system. The 2020 version of C5 includes 125 criteria from 17 areas, based on national and international standards and publications.
SAP Ariba and SAP Business Network has regularly prepared C5 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. April 2023 to 31. March 2024.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.
SAP Ariba and SAP Business Network, an SAP Company is a leading provider of on-demand spend management solutions. SAP Ariba’s mission is to transform the way companies of all sizes, across all industries, and geographies operate by delivering technology, service, and network solutions that enable them to holistically source, contract, procure, pay, manage and analyze their spend and supplier relationships. Delivered on demand, SAP Ariba ’s enterprise-class offerings empower companies to achieve greater control of their spend and drive continuous improvements in financial and supply-chain performance. Thousands of companies use SAP Ariba solutions to manage their spend from sourcing and orders through invoicing and payment.
The scope of this report covers the following data center locations:
| DC Locations | DC Providers |
Council Bluffs, Iowa | Google Cloud Platform |
Sydney, Australia | Google Cloud Platform |
Frankfurt, Germany | Google Cloud Platform |
Tokyo, Japan | Google Cloud Platform |
Shanghai, China | SAP Cloud Infrastructure |
Riyadh, Kingdom of Saudi Arabia | SAP Cloud Infrastructure |
Dubai, United Arab Emirates | SAP Cloud Infrastructure |
Cloud Computing Compliance Controls Catalogue (C5) reports are prepared in accordance with attestation standards established by the American Institute of Certified Public Accountants (“AICPA”) and in accordance with the International Standard on Assurance Engagements (“ISAE”) 3000 Revised, Assurance Engamenets Other than Audits or Reviews of Historical Financial Information, issued by the International Auditing and Assurance Board (IAASB). C5 outlines minimum security for cloud computing, aimed at cloud providers, auditors, and clients. Introduced in 2016, it helps customers choose a secure cloud provider and tailor a risk management system. C5 assures cloud services security by providing transparency via a standardized examination and reporting system. The 2020 version of C5 includes 125 criteria from 17 areas, based on national and international standards and publications.
SAP Ariba and SAP Business Network has regularly prepared C5 Type 2 audit reports by an independent 3rd party accountant. This version of the report covers the audit period 1. April 2023 to 31. March 2024.
The use of these reports is restricted. A copy of this report is available for all SAP customers and prospects with non-disclosure agreement in place.